TheHarvester – this tool is intended to help penetration testers in the early stages of a project. It’s a really simple tool, but very effective: it can gather information like user names, host names and domains from public sources about an organization.
This is a complete rewrite of the tool with new features like:
- Time delays between requests
- All sources search
- Virtual host verifier
- Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
- Integration with SHODAN computer database, to get the open ports and banners
- Save to XML and HTML
- Basic graph with stats
- New sources
For BackTrack users:
1. Open a terminal and run the following command.
/pentest/enumeration/theharvester
root@bt:/# cd /pentest/enumeration/theharvester
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d pir8geek.com -l 100 -b all
Note: drop the www. from the URL you’re interested in; for example, http://www.pir8geek.com becomes pir8geek.com
Usage: theharvester options
-d: Domain to search or company name
-b: Data source (google,bing,bingapi,pgp,linkedin,google-profiles,exalead,all)
-s: Start in result number X (default 0)
-v: Verify host name via dns resolution and search for virtual hosts
-f: Save the results into an HTML and XML file
-n: Perform a DNS reverse query on all ranges discovered
-c: Perform a DNS brute force for the domain name
-t: Perform a DNS TLD expansion discovery
-e: Use this DNS server
-l: Limit the number of results to work with(bing goes from 50 to 50 results, google 100 to 100, and pgp doesn’t use this option)
-h: use SHODAN database to query discovered hosts
Examples:
./theHarvester.py -d pir8geek.com -l 500 -b google
./theHarvester.py -d pir8geek.com -b pgp
./theHarvester.py -d pir8geek.com -l 200 -b linkedin
Enjoy…